cannot login to WebUI with AD user


Der PCFreak

Mar 27, 2015, 6:08:20 AM
to priva...@googlegroups.com
Hi,

I hope this is the official mailing list of PrivacyID3A, if not please just point me to the correct location.

I am currently evaluating PrivacyID3A. Installation on Ubuntu 14.04 server LTS went fine.

I use privacyidea-apache2 Version: 2.1-1trusty via ppa:privacyidea/privacyidea

After installation I added an administrative user and can log in to the WebUI with it.

Next steps were
  • adding an ldapresolver pointing to our AD (test works)
  • creating a user realm and assigning the ldapresolver to it

As read in the documentation at http://privacyidea.readthedocs.org/ I should now be able to log in with any of my AD users, right? - Well, I can't.
I always get "Wrong Credentials".

I tried everything I could imagine to get it working. I tried to log in with

  • user/adpassword
  • user@realm/adpassword
  • us...@email.tld/adpassword
  • ...

I also tried some policies, but as written in the docs, this should not be necessary for the default realm. The default realm users should be able to log in to the WebUI, right?

Any hints for me? Any ways to debug this by increasing logs somehow?

Any help would be appreciated.

Thanks in advance.

Peter
aka Der PCFreak

Der PCFreak

Mar 27, 2015, 6:58:58 AM
to priva...@googlegroups.com
I have some output of privacyidea.log that might help?


[2015-03-27 11:54:44,037][2529][140658750306048][WARNING][privacyidea.lib.config:496] unable to load resolver module : 'resolvers.SCIMIdResolver' (ImportError('cannot import name getResolverClass',))
[2015-03-27 11:54:44,057][2529][140658750306048][WARNING][privacyidea.lib.config:496] unable to load resolver module : 'resolvers.SCIMIdResolver' (ImportError('cannot import name getResolverClass',))
[2015-03-27 11:54:44,070][2529][140658750306048][WARNING][privacyidea.lib.config:496] unable to load resolver module : 'resolvers.SCIMIdResolver' (ImportError('cannot import name getResolverClass',))
[2015-03-27 11:54:44,088][2529][140658750306048][ERROR][privacyidea.app:1423] Exception on /auth [POST]
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1817, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1477, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1381, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1475, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1461, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py", line 178, in get_auth_token
    superuser_realms=superuser_realms)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 75, in policy_wrapper
    return self.decorator_function(wrapped_function, *args, **kwds)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 232, in login_mode
    return wrapped_function(*args, **kwds)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/auth.py", line 119, in check_webui_user
    if user_obj.realm in superuser_realms:
TypeError: argument of type 'type' is not iterable

Maybe this helps?

Cheers

PCFreak

Cornelius Kölbel

Mar 27, 2015, 7:04:50 AM
to priva...@googlegroups.com
Hi PCFreak,

there is a bug in auth.py.
You can use a workaround in the config file pi.cfg:

See https://github.com/privacyidea/privacyidea/issues/109

Configure the SUPERUSER_REALM as a list like:

SUPERUSER_REALM = ["somerealm"]

As soon as you restart apache, you can log in.

Kind regards
Cornelius

Der PCFreak

Mar 27, 2015, 7:44:40 AM
to priva...@googlegroups.com
Hi Cornelius,

thank you, good job, you were absolutely right.

This one-liner fixed it (as per my own documentation).

sudo sed -i "s/SUPERUSER_REALM = super/SUPERUSER_REALM = 'super'/g" /etc/privacyidea/pi.cfg


... I am getting closer to my target now!

Greets

Peter
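
Why the type of SUPERUSER_REALM matters for the `user_obj.realm in superuser_realms` check from the traceback, shown as an added example that is not part of the thread or of privacyIDEA's code. It assumes pi.cfg is evaluated as Python (consistent with the TypeError above); `load_setting`, `raw_check`, `normalize_superuser_realms` and `is_superuser_realm` are hypothetical helper names, and the realm names tested are constructed.

```python
def load_setting(cfg_text):
    """Evaluate a constructed pi.cfg-style line as Python (assumption, see lead-in)."""
    namespace = {}
    exec(cfg_text, namespace)
    return namespace["SUPERUSER_REALM"]


def raw_check(realm, superuser_realms):
    """The membership test exactly as it appears in the traceback."""
    return realm in superuser_realms


def normalize_superuser_realms(value):
    """Accept one realm name or a collection of names; reject everything else."""
    if isinstance(value, str):
        return [value]
    if isinstance(value, (list, tuple, set, frozenset)) and all(
        isinstance(v, str) for v in value
    ):
        return list(value)
    raise ValueError("SUPERUSER_REALM must be a realm name or a list of names: %r" % (value,))


def is_superuser_realm(realm, value):
    """Exact match only, whatever form the setting was written in."""
    return bool(realm) and realm in normalize_superuser_realms(value)


def demo():
    unquoted = load_setting("SUPERUSER_REALM = super")     # the builtin type `super`
    quoted = load_setting("SUPERUSER_REALM = 'super'")     # a plain string
    as_list = load_setting('SUPERUSER_REALM = ["super"]')  # a list, as advised above
    try:
        raw_check("adrealm", unquoted)
        error = None
    except TypeError as exc:                               # same failure as in the log
        error = str(exc)
    return {
        "unquoted_error": error,
        # With a string, `in` is a substring test, not a list lookup:
        "string_matches_fragment": raw_check("up", quoted),
        "string_matches_empty": raw_check("", quoted),
        "list_matches_fragment": raw_check("up", as_list),
        "normalized_matches_fragment": is_superuser_realm("up", quoted),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The list form matches whole realm names only, while the quoted string silences the TypeError but leaves the check matching any fragment of the configured name.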

